SI-10(5)—Information Input Validation | Restrict Inputs to Trusted Sources and Approved Formats
IL5
IL6
Control Description
Restrict the use of information inputs to organization-defined trusted sources and/or organization-defined formats.
DoD Impact Level Requirements
No specific parameter values or requirements for this impact level.
Discussion
Restricting the use of inputs to trusted sources and in trusted formats applies the concept of authorized or permitted software to information inputs. Specifying known trusted sources for information inputs and acceptable formats for such inputs can reduce the probability of malicious activity. The information inputs are those defined by the organization in the base control (SI-10).
Related Controls
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What policies and procedures govern restricting inputs to trusted sources and approved formats?
- Who is responsible for monitoring system and information integrity?
- How frequently are integrity monitoring processes reviewed and updated?
Technical Implementation:
- What technical controls detect and respond to issues with restricting inputs to trusted sources and approved formats?
- How are integrity violations identified and reported?
- What automated tools support system and information integrity monitoring?
- What anti-malware solutions are deployed and how are they configured?
Evidence & Documentation:
- Can you provide recent integrity monitoring reports or alerts?
- What logs demonstrate that SI-10(5) is actively implemented?
- Where is evidence of integrity monitoring maintained and for how long?
- Can you show recent malware detection reports and response actions?